While the press and blogs are buzzing about cloud computing, VMware has made probably one of the most significant cloud-related announcements ever made; and with vShield Zones has added even more distance between rivals when it comes to data center and cloud security.
Last year at VMworld in Cannes, VMware announced the VMsafe VMware security partner ecosystem. The virtualization security “industry” had been notably silent (other than a colorful row between security blogger/expert Chris Hoff and Citrix CTO Simon Crosby) for the rest of 2008. Virtualization expert Rich Miller even mentioned the sound of security silence at VMworld Las Vegas in September:
The theme I noted most at VMworld 2007 a year ago was “security.” This year, it seemed noticeably absent. My sense is that the industry has yet to catch up and capitalize on VMsafe. Because all of the “next generation” of offerings from VMware and the independent providers are still in development, no one made too much of security issues.
The contrast between the Cannes security ecosystem exuberance and VMware crossing the Rubicon at VMworld Cannes 2009 marked a stunning and much needed shift in the virtualization space. It was the first serious step by any vendor towards a real solution for securing the cloud and moving data center virtualization deployments from virtualization-lite (hypervisor VLANs) to “rack and stack” cloud environments.
While Microsoft and Citrix make price adjustments VMware launches genuine innovation that could significantly change the economics of IT in production environments. Security is a critical differentiator when it comes to deploying virtualization in production data centers and creating cloud environments.
This move is not without risk, as VMware had invested great effort in lining up a security partner ecosystem which was kicked off the year before in Cannes, which I celebrated via an interview with Tarry Singh during my recent tenure at Blue Lane (which was acquired by VMware in 2008).
If the Blue Lane acquisition didn’t send a chill down the spine of the network security industry, this announcement should. It signals a new era in security introduced, ironically, by a virtualization vendor. Despite the virtsec exuberance and optimism introduced by the new and novel security requirements, much of the network security industry was caught flat-footed. And that still seems to be the case.
Gartner VP Neil MacDonald summed it up with his recent blog about the traditional security vendors:
Many are clinging to business models based on their overpriced hardware-based solutions and not offering virtualized versions of their solutions. They are afraid of the inevitable disruption (and potential cannibalization) that virtualization will create.
The writing is on the wall for network security vendors who have elected to wait and see if the “cloud computing hype” is just a passing fad or are clinging to obsolete technology or business models. The vShield announcement could also a double-edged sword for the virtsec startup vendors: 1) who could be more isolated than ever from the virtsec momentum within VMware and yet 2) possibly more strategic now that VMware has played a real security card in the marketing battle.
With the VMware vShield Zones announcement, any vendor who thinks that virtualization and security are two separate and distinct matters is headed for the distinctive Club Maginot school of static security expertise. They are about to relive the fates of French officers watching German planes fly over the massive, integrated and ambitious French defense investment at one of its strongest points (in Belgium). The wall was designed for WW1 and was partly responsible for a rapid German conquest of France in early WW2.
Virtualization and cloud are introducing new demands on security, because they are introducing new, unprecedented levels of mobility and automation for systems and endpoints. The economic payoffs are so promising that cloud promises to have a substantial impact on the computing era. The question is, are those who think in terms of static networks (whether they are security or network vendors or pros) are fully prepared for the requirements of Infrastructure 2.0?
Yet the increased velocity of change is also making the network itself more strategic and yet more challenged. This collision between automated systems and manually managed networks will produce significant opportunities for networking vendors and professionals who understand the power and opportunity of automation; and significant risks for those still riding the “kludge train” of manual reactions to the automation revolution now proliferating within the bowels of IT.
I am a senior director at Infoblox. You can follow my comments in real time at www.twitter.com/archimedius.